Authentication

Authentication is the process of verifying a user’s identity, providing access control to all interfaces of the Deckhouse Kubernetes Platform (DKP) and cluster resources.
The platform implements end-to-end authentication, allowing a unified mechanism to be applied both to internal components and user applications.

The core of the authentication mechanism is a federated OpenID Connect (OIDC) provider — Dex.
Learn more about how authentication works in the Architecture section.

Depending on the configuration, DKP supports two authentication approaches:

Local authentication — users and groups are created directly in the cluster and stored as User and Group resources.
The User resource stores a hashed version of the password (bcrypt), not the plain-text password.
Integration with external providers — enables connection to systems like LDAP, GitLab, GitHub, and others to support single sign-on across multiple DKP clusters.

From the perspective of a cluster user or application developer, the method chosen by the administrator to configure authentication in DKP does not matter — the authentication interface and integration steps are the same.

The platform also provides capabilities for:

Enabling authentication for any web application in the cluster.
Configuring authenticated access to the Kubernetes API via a load balancer.

Additional resources

An error has occurred

Tell us what you didn’t like.

Authentication

Additional resources

An error has occurred

Tell us what you didn’t like.

Request trial access

Thank you

Error

Request callback

Thank you

Something went wrong

Book your sessions

Thank you

Error

Request demo

Thank you

Error

Get the PCI SSC Compliance Report

Thank you

Error